NuCypher Code Review – KMS For Decentralized Systems

Good code, well written (with other readers in mind) - questions about the use-case?

NuCypher is a project to bring key management systems (KMS) to the blockchain, so that decentralized systems and applications can become more secure. For the NuCypher code review we start off with an example of how their tech works.

Alice has sensitive data that she wants to be able to delegate access to

Alice encrypts her data using her own public key and stores it in the cloud, or decentralized storage

Alice delegates access to Bob. The data is rekeyed to Bob’s key in storage

Bob downloads the data and decrypts it with his private key

The data is rekeyed to Bob’s key in storage. The original signing could not happen with just the private key alone, otherwise rekeying won’t be possible. Let’s quickly jump into private and public keys.

Let’s say I take message “NuCypher Code Review” and I encrypt it with a private key. I would get

Someone who gets hold of the above has no way to reverse engineer it. So what is the value in this? Given 3 inputs, the public key, the hash, and the original message, it is possible to prove that the above was indeed signed by the private key of the corresponding public key. You can confirm this by verifying the signature.

So now you know that I have the private key for the corresponding public key provided. This is how I can prove ownership.

The big thing here, is that with only the original hash, and not the original data, you can’t rekey this information. This is where other key systems come in place that allow for multi key ownerships. So my assumption is that NuCypher must have a similar implementation, let’s jump in.

nucypher-kms and mock-net are the two that interest me, so let’s grab nucypher-kms first.

We have the standard players in the tech stack game, kademlia, rpcudp, lmdb (this one is new), and Ethereum VM contracts.

At this point I realized that Umbral is actually the core, so we changed to pyUmbral

Very cool, so Alice can generate a re-key for Bob, by creating a new shared key via Alice’s private key and Bob’s public key. Bob can then re-encrypt based off of this.

So the process flow would be;

Alice signs data, stores data publicly. Bob wants access and requests access from Alice with his public key. Alice creates a new pair (not technically, but keeping it this way for simplicity), Bob can then decrypt the data with his private key.

Data in transit is never disclosed publicly unless one of the parties discloses it from their end. I like it, let’s keep going.

Back to nucypher-kms:

Good structure, good comments, good encapsulation. I like the layout and content so far.

This is nice, they keep their Alice and Bob theme through all of the code, they add in their user stories before each function and they keep function calls specific, like from_alice above, and having bob as an argument to create the policy between the two of them. This is code written with other readers in mind, I don’t see that often.

REST server with a few basic endpoints, nothing overly fancy.

Local storage using sqlite. The REST functions are solid, moving on.

Another nice implementation, p2p node swarm. Nodes can join and are requested to store encrypted data.

Nice straight forward implementation on Nodes.

So so far, we have the Umbra implementation that allows for the resigning, we have the basic policies implemented to allow for a contract to be made between two participants, and we have the base for the nodes to request storage from one another.

Let’s look at the blockchain side of things:

Time for some smart contract goodies. Escrow contract.

First need to understand PolicyManager, moving to it.

Still not sure what PolicyManager does, it’s a mix of storage policy and staking policy, it has both outlines. I’ll consult the whitepaper.

MinerEscrow, no slashing for misbehaving. This is vesting, not staking, since nothing is at stake. Still, a nice vesting contract for miners.

So, boot up a node, provide re-encryption cycles, minimum token stake required to become a node, rewarded for activity. The token economy seems a bit forced, but it’s standard nowadays to reward people like this, so going to move on.

NuCypher Code Review Conclusions:

Very good code, strong architecture, all core use cases have been proved. It’s a solid implementation with a high caliber skillset. It’s using the standard, ‘let’s incentivize people to provide CPU/Storage/Network by paying them in our token’ philosophy, the staking (vesting) and token economy does seem a bit pushed on top of the solution instead as a natural component to it, but I don’t have any fundamental issues with this approach. Decentralization is a different beast after all.

Not a blockchain, but a novel idea, is there really a demand for Decentralized Dropbox, Encrypted Slack, or patient-controlled electronic health records that you have to pay for? Don’t know, but it’s good code.

Andre is a software architect with 20 years of development experience. After completing his 3 year computer science course in 5 months he was asked to stay on as a lecturer. He moved into telecoms developing big data, high transactional infrastructure, before delving into mobile security and cryptography. His last five years have been spent building bespoke FinTech solutions and leveraging blockchain technology to provide cost-reducing financial products to the unbanked sector in Africa.

We are 100% independent and we never accept any form of payment from ICO marketing teams.

Many of our competitors do. And you can see it in their results (and yours).

If you appreciate us sharing our research and news, please consider donating here.

DISCLAIMER

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media LLC makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media LLC is not an investment advisor. We do not give investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, cryptocurrency, currency, tokenized sales, securities, or commodities unless otherwise indicated.

Decentral Media LLC, the publisher of Crypto Briefing, is not an investment advisor and does not offer or provide investment advice or other financial advice. Nothing on this website constitutes, or should be relied on as, investment advice or financial advice of any kind. Specifically, none of the information on this website constitutes, or should be relied on as, a suggestion, offer, or other solicitation to engage in, or refrain from engaging in, any purchase, sale, or any other any investment-related activity with respect to any ICO or other transaction.
You should never make an investment decision on an ICO or other investment based solely on the information on our website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, cryptocurrency, currency, tokenized sales, securities, or commodities.
In exchange for using this site, you agree to hold Decentral Media LLC (including its managers, members, officers, employees, consultants, partners, and affiliates) harmless against any claims for damages arising from any decision you make based on information on this website.
See full terms and conditions for more.